Deep Packet Inspection Circles Back for a Second Look

Deep packet inspection, a creepy and invasive targeting technology, is looking to make a comeback, this time armed with opt-in consent and incentives for users. The technology, which involves scanning data packets for information on where they come from and what they contain, fell out of favor a few years ago following consumer uproar and congressional hearings, after ISPs tried to use it to target subscribers with ads based on where consumers surfed online. But the Wall Street Journal says (s nws) two major operators — Kindsight and Phorm — are ramping up their efforts, working with Internet service providers to deploy the technology.

Kindsight, which is owned by Alcatel-Lucent SA (s alu), said six ISPs in the U.S., Canada and Europe are testing its service though no ad targeting is underway. Phorm, which touched off a firestorm in Britain, is actively working the market in Brazil, where it’s signed deals with two ISPs and is looking to expand to the U.S. and South Korea. The two companies are hoping a different approach combined with new consumer expectations and market realities may set the stage for a return of deep packet inspection for ad targeting. It’s unclear if Phorm’s return is entirely new or just part of the Wall Street Journal’s attempts to freak people out as part of its “What They Know” series on web targeting.

Advertisement

The companies are trying to be more upfront with users, offering the ability to opt-out of the technology, and they insist they don’t collect personal information, read email or record a user’s browsing histories. But by going deeper into the data packets, companies can extract more data and create more complete profiles on users than a technology like cookies can. Kindsight said it’s able to differentiate between a user’s work and recreation character profiles when they’re online. The companies are also offering more benefits to users who opt-in. Kindsight is offering free security and identify theft protection, while Phorm offers users the ability to get a tailored experience when they visit a partner’s site. Kindsight said consumer expectations have also shifted in favor of more targeted ads. In a market research survey, Kindsight said about 60 percent of users were willing to take its security service for free in exchange for receiving targeted ads. There’s rich irony in people’s willingness to offer up their private web surfing habits to boost Kindsight or their ISPs’ profits, in exchange for protection from “bad guys” that seek to capture details of their private lives for financial gain.

It’s unclear if this will touch off the same type of firestorm as last time. The controversy in Britain killed deals Phorm was trying to strike with BT and two other ISPs. Congressional hearing two years ago targeted NebuAd, a company that has since gone out of business. The fact that we still don’t have a privacy policy from the feds is opening the door for this technology though that may be changing. The Federal Trade Commission and the Commerce Department are both reportedly ?preparing reports on online privacy?, and the FTC is actually considering a “Do not track” option for users, similar to the Do Not Call registry, though it will likely face lots of opposition from marketers.

The desire of ISPs to wring more revenue from their networks means they’ll keep trying to use deep packet inspection to monetize their users. This has been a simmering issue, but has gotten even more pressing as ISPs are threatened with net neutrality and the prospect of becoming “dumb pipes.” If they can get the formula right and manage consumer concerns, ISPs can reap financial rewards not unlike Google (s goog), which also targets consumers with ads. But DPI technology can also strengthen an ISP’s relationship with its users by offering them more tailored or personal content. Plus it’s already used for security purposes. So at this point, absent a firm Do not track option, I think deep packet inspection will increasingly creep back into the picture. It’s too attractive an option to pass up.

No mention of HTTPS/SSL? This would makes DPI eavesdropping very difficult. Only the applications at each ends of the connection could know the contents.
Added to that, there are anonymizing proxies, cookie strippers and the TOR network which can completely hide surfers’ real locations, so people do have an alternative and can avoid being tracked if they really want to.

“But DPI technology can also strengthen an ISPâ€™s relationship with its users by offering them more tailored or personal content”

That’s a bullsh*t marketing line. That’s like saying that I am “strengthening the relationship” of this girl i have a crush on by following her movements, and digging through her trash. I’m doing this so that whenever we have a conversation in the future, I will be able to tell her what she wants to hear.

I don’t want personalized ads. I don’t want stronger relationship with my isp. I just want my isp to provide the one service I buy from them; transportation of data packets.